Editor’s Note: This story is reprinted from Computerworld. For more Mac coverage, visit Computerworld’s Macintosh Knowledge Center.
Comparing any Mac OS release with Windows is often like comparing aphids and orangutans. That is particularly true when looking at Apple’s Mac OS X Leopard Server and Microsoft Corp.’s Windows 2003 Server. Although they ultimately provide very similar features — directory services, file and print services, various Internet services, and so forth — the two platforms seem to be designed from completely different mind-sets.
An excellent example of this is the two companies’ vastly different approaches to software licensing. Windows Server is available in around half a dozen different variations, each with different pricing and feature sets aimed at specific environments. By contrast, there is only a single version of Mac OS X Server that makes all features available to anyone who buys it.
Also, Mac OS X Server comes with only two license variations, a 10-client version and an unlimited client version. Leopard Server doesn’t add the complication (or expense) of client access licensing. This is when administrators must buy licenses for each user or device that connects to the server, as well as a license to install and run the server operating system itself. Windows requires client access licensing.
Although the 10-client version of Leopard Server simply will not respond to more than 10 file-sharing clients at a time, other services are not actually restricted to 10 clients, according to Apple’s specs. Costs aside, this makes licensing of Mac OS X Server far simpler and more predictable than Windows Server.
Despite their differences, the systems have a number of underlying similarities. Both Microsoft’s Active Directory and Apple’s Open Directory rely on a customized Lightweight Directory Access Protocol (LDAP) database as a repository for directory services, and both use Kerberos for secure authentication. Both Active Directory’s Group Policies and Apple’s Managed Preferences allow administrators to secure workstations and predefine many settings of the user experience of the operating system and applications.
Both also allow for replication of their directory services among multiple servers to boost fault tolerance and performance, particularly in organizations with multiple work sites connected by slow network links or with many users and workstations within individual sites.
Both offer file and printer sharing that can support multiple protocols, including the Windows native SMB/CIFS (Server Message Block/Common Internet File System), Mac native AFP (Apple Filing Protocol) and the Unix NFS (Network File System). Apple’s support is somewhat easier to implement because options for all three protocols are automatically installed with the server operating system rather than being components that require additional installation. And both offer Web, e-mail, calendaring and other collaborative tools.
Directory Services and account management
Thanks to their reliance on LDAP and Kerberos, both systems have unique schemas that can be extended. Although Apple relies primarily on LDAP for authentication queries, Windows Active Directory clients natively prefer the proprietary ADSI (Active Directory Service Interface) protocol, though Active Directory supports LDAP as well. Both systems provide for secure authentication, and one can integrate Active Directory with Open Directory in a single network environment. In this integrated scenario, servers and clients of both systems can rely on a single directory services environment for authentication and management, or they can be part of a more complex environment combining multiple directory systems.
Active Directory is, however, more robust in some aspects. Although both systems support directory server replication, Active Directory traditionally sports better replication options. As one example, each domain controller can accept changes to records and accounts that are then propagated to all the others. Open Directory has always functioned with a single master server and many replicas, similar to the Windows NT primary domain controller (PDC) and backup domain controller (BDC) model, in which changes other than password updates must be made on the master and then copied to each replica.
This situation creates a single point of failure; replicas will process authentication and other requests if a master fails, but updates other than password changes can’t be made until the master is restored or replaced by promoting a replica. It has also traditionally had the potential to reduce performance because all replicas must update their information from a single source — the master.
To some extent, this is changing with Leopard Server, which provides for two-tiered or cascading replication. This is when first-level replicas receive updates from the master, and a second level of replicas can update from the first-level replicas (referred to as relays when two-tiered replication is in use). This relieves some of the replication performance issues, but doesn’t address the fact that the master remains the single point of modification for most accounts and records. As a result, in enterprise deployments, Active Directory still supports more complex replication topologies than Leopard Server.
Other ways in which Active Directory is more flexible include the concept of forests, a method for grouping multiple Active Directory domains, each with its own namespace and set of accounts for users, groups and computers, and trusts, which allow accounts in one domain to access resources in another domain. The ability to establish relationships among domains allows accounts in one domain to access resources managed by a different domain within the organization’s infrastructure. This allows for a great deal of flexibility within a larger enterprise network.
Leopard Server offers some multidomain capabilities, particularly by introducing cross-domain authorization to let a single Open Directory domain be subordinate to another domain in either Active Directory or Open Directory. It remains to be seen, though, just how much more flexible this will make Open Directory when compared with Active Directory.
Despite the historic benefits of Active Directory, Leopard Server’s Open Directory is still very viable for larger multisite infrastructures where Mac OS X Server had previously not been an optimal choice. It includes the ability to host a Windows NT-style domain, seamlessly responding to requests from Windows clients with the master server acting as a PDC and replicas acting as BDCs. Leopard Server also provides a great deal of dual-platform client support, including the ability to host roaming profiles.
It’s not perfect, however. Active Directory provides little built-in support for Mac clients. However, Apple’s use of Samba and LDAP means that Mac OS X can authenticate against Active Directory.
File and print services
Both server operating systems provide file sharing and print services. In a default installation, Windows Server support is limited to SMB/CIFS file sharing aimed at Windows clients, though optional installs of Services for Mac and Services for Unix provide support for other client types. Mac OS X Server, by contrast, includes full support for sharing over Apple’s native AFP, SMB for Windows clients and NFS for Unix/Linux clients. Leopard Server also supports secure NFS access via Kerberos. File Transfer Protocol access is also included as a file service in Mac OS X Server, though it is somewhat difficult to consider it in the same ballpark as the other three.
Configuring file services is arguably easier under Mac OS X Server. Certainly, the built-in support for multiple file- and print-sharing protocols gives Mac OS X Server a leg up in multiplatform environments. The support for all three protocols is much more streamlined and intuitive to manage than is relying on Microsoft’s Services for Mac and Services for Unix under Windows Server.
In particular, Services for Mac has never been well-regarded, and there are multiple third-party AFP servers that deliver better Mac configuration options and performance for Windows Server. ExtremeZ-IP is the best-known of these third-party tools. In a number of situations, it can simply be easier to rely on Mac OS X’s built-in SMB client than to rely on Windows’ Services for Mac.
Internet and Web-based collaborative services
Both Windows Server and Mac OS X Server come with built-in Web servers (Internet Information Server and Apache, respectively). Long-standing comparisons exist between these two systems, and I won’t bother to repeat that debate. Beyond basic Web services, however, Microsoft has offered Windows SharePoint Services as a free add-on for some time.
Until now, Apple has not readily embraced collaborative Web tools beyond basic blogging support. Leopard Server promises a greatly enhanced collaborative tool set, including easy-to-configure blog and wiki support. This will be incredibly easy to administer and integrates with directory services very well. So, it appears that these features will be on similar ground, with Leopard having a slight edge in ease of administration.
E-mail, messaging and calendaring
Both Windows Server and Leopard Server ship with basic e-mail capabilities. Advanced messaging and related collaborative tools for shared contacts, calendaring and instant messaging are available from Microsoft in the form of Exchange Server. Leopard Server also ships with a secure instant messaging server — the Jabber-based iChat Server. Also, shared contacts in Open Directory are available for Mac OS X’s Address Book and other products that support LDAP-based contact lookup.
Exchange has always had a leg up in offering a variety of tools beyond e-mail, such as shared calendaring, which users commonly rely upon. Leopard Server’s iCal Server, however, is poised to level that playing field significantly. iCal Server is based on the open CalDAV standard and is supported by a number of clients on various computing platforms. Not being directly integrated as Exchange is with Outlook makes iCal Server somewhat more flexible — as does the variety of e-mail and calendar applications available for Leopard Server clients.
What makes Leopard Server particularly attractive on this front compared with Exchange is that it includes most of the functionality of Exchange without requiring the investment in two server products — Windows Server and Exchange Server — and two sets of client access licenses (CAL). Leopard Server does lack shared-note and to-do features, though.
Deployment services
Both Windows Server and Mac OS X Server offer remote deployment and update services. It isn’t truly possible to compare them because they are aimed at their respective native client platforms. The closest one could get would be to consider the options for deploying a dual-platform Mac client using Apple’s Boot Camp or virtualization tools from Parallels or VMware.
Client management
As mentioned earlier, robust client management features are available to both Windows Server and Mac OS X Server. Like deployment services, they are very much specific to their own platforms. Still, Mac OS X’s client management options are significantly easier for new administrators to grasp, and it is often easier to predict how managed preferences will interact with one another than trying to do so for Windows group policies.
Third-party systems and mechanisms for using both Mac OS X Server and Windows Server within a single network — each for managing the preferences of their native clients — do exist. The tools implement managed preferences on Mac OS X clients from Windows Server and Active Directory. At this time, however, there are no comparable offerings for advanced management of Windows clients via Mac OS X Server.
Virtualization
As with clustering and storage-area network (SAN) support, Leopard’s support for server virtualization is limited to certain Windows Server Enterprise editions and above. In a change from its previous antivirtualization approach, Apple’s end-user license agreement for Leopard Server does permit virtualization. Since this news is so recent, tools to actually implement virtualization under Leopard Server aren’t yet available. VMware and Parallels have both indicated interest in developing such tools.
Both VMware Fusion and Parallels Desktop can run server and client operating systems, though the current focus of both products has primarily been on virtualizing client systems, including Windows XP and Vista. This means that, at the moment, you can theoretically virtualize one or more instances of Windows Server or any other platform on Mac OS X Server. So there are some significant virtualization possibilities already. In particular, this allows you to have the benefits of Mac OS X Server and Windows Server on one machine, which could be useful if you’re looking to roll out a multiplatform environment.
Prior to Leopard Server’s release, Parallels had begun developing a server-specific virtualization package for Mac OS X Server, and it seems likely that this package will eventually include support for virtualizing Leopard Server along with other server operating systems. This will significantly expand the virtualization options for Leopard Server. At the moment, however, virtualization tools for Leopard Server have yet to reach the breadth of what is available for other server platforms.
Which server is best for small business?
Small businesses form a unique market in the IT sector. They often need the features of a server platform but do not have the budgets to employ a full IT staff — or any IT staff in many cases. They also need a solution that will support future growth. For this market, Microsoft ships a lower-cost version of Windows Server known as Windows Small Business Server that includes many Windows Server features, including Active Directory and Exchange.
While this is adequate for many businesses, the product has some distinct limitations for future growth. Active Directory support is limited in that only a single domain controller is supported with no replication options. That domain controller can’t establish trusts with other domains, essentially limiting an organization to a single domain.
If an organization starts with or grows to multiple sites, the lack of replication means that every user log-in — or other Active Directory query — must be processed across the network links between sites, often at the cost of slow performance and network congestion. Larger numbers of users can also result in decreased performance, even at a single site. (Microsoft suggests that Small Business Server is appropriate for organizations of up to about 75 users.) It also relies on a separate client-licensing method from other Windows Server products and typically has a limit to the maximum number of CALs allowed. When an organization outgrows Windows Small Business Server, it can purchase a transition kit to upgrade to one of the other Windows Server versions.
Mac OS X Server’s unlimited client version may actually be more expensive than an initial Windows Small Business Server purchase, depending on the number of CALs. However, it provides organizations with significantly more room to grow. There is no limit to the number of users or for replication to additional servers.
More importantly, Apple has designed Leopard Server specifically for smaller organizations that have few or no IT staffers. The product features a simplified setup process that entry-level technicians or power users can master. It also has a very simple management tool known as Server Preferences, with an interface borrowed from Mac OS X’s System Preferences utility.
The sheer simplicity of this interface and its ability to help manage many server features (file sharing, calendaring, e-mail and messaging, Web services, etc.) is amazing. It can be grasped by anyone with a moderate level of technical knowledge, though some troubleshooting will probably require a call to Apple’s technical support or to a consultant. As an organization grows and staffers are hired or trained in more advanced server management, Leopard Server’s simplified interface can be traded for the more traditional administration tools.
This combination of an easy interface and planned growth options makes Leopard Server a much more attractive option than Windows Small Business Server for small businesses and other organizations. Since it offers full multiplatform support, it provides an excellent option for all-Mac, Mac/Windows and even all-Windows shops. For this market, Windows Server’s limitations for growth and the lack of truly simple setup and management make it notably less than ideal by comparison with Leopard Server.
Which is best for midsize to large infrastructures?
While Leopard Server stands to deliver a clear win for small business, larger organizations can be a different matter. In many cases, larger organizations tend to have an investment in an existing system for servers and/or clients. While migrations are perfectly possible, many organizations will likely be in a situation of integrating both platforms rather than making a complete switch. Leopard Server’s innovations in terms of Active Directory integration make it a strong contender in many environments, particularly those that have even a modest number of Mac clients.
The emphasis on low-cost e-mail, messaging and calendaring makes Leopard Server a particularly attractive option for organizations that are just beginning to look for multiplatform solutions. At present, there are no options for direct integration with Outlook or Exchange, which don’t support the open CalDAV standard that Leopard Server uses, but some developers are already looking into developing such systems.
Also, the ease of configuration of collaborative tools and the fact that Apple has based them on open standards make Leopard Server — by itself or with Windows Server — an ideal platform for any moderately sized organization looking to make staff interaction and project management easier. The new Directory application that leverages directory services for organizational, staff, departmental and even facilities information also makes Leopard Server as attractive as an administrative tool as it is a server platform.
For midsize organizations that want a solid system without the cost or confusion associated with Windows licensing, Leopard Server is an ideal candidate as well. With a listed price tag (US$999), Leopard Server costs the same as an initial investment in Windows Server Standard edition when the latter is purchased with five client-access licenses. Leopard Server also has a range of features typically found in some of the more expensive Windows Server releases. Again, Leopard Server’s multiplatform support provides great flexibility and easy setup for environments with Mac and Unix/Linux clients in addition to Windows workstations.
Which is best for enterprise and data center environments?
Although effective in the enterprise arena, Apple has never quite managed to position its server products (beyond the popular Xserve RAID and Xsan storage products) as effectively as they deserve to be. There are any number of explanations for this, including that Apple didn’t really ship enterprise offerings for many years and that, even though Apple is now shipping high-quality enterprise products, the company refuses to publish long-term road maps for them. Apple’s own enterprise-level support and service have also proven problematic. Given the power and scalability that Apple’s Xserve and Mac OS X Server offer, along with Mac OS X Server’s relatively low cost, it is a shame that Apple has yet to get the right footing in the enterprise market.
That said, many of the technologies in Leopard Server are enterprise-worthy. While climbing some learning curve may be required to move to Mac OS X Server, the platform should not be immediately discounted. The technologies that it employs are robust and often very well-designed with a solid basis in open standards and open-source systems. This open-source architecture makes Mac OS X Server much more flexible because experienced engineers can easily expand on Apple products.
Finally, as Apple gains more traction in the desktop market, Macs are appearing in greater numbers in both new and traditional Apple-friendly markets, including education. Several universities, including Princeton and Cornell, reported a record increase of Macs this semester.
In addition, Apple’s share of computers connected to the Internet climbed to a new record in September, with about 6.6% of all those online running Mac OS X, according to a recent report from Net Applications. And for the quarter ended Sept. 29, Apple reported that Macintosh sales were up by 34% over the same quarter last year, breaking its old record by 400,000 machines.
If this trend increases or even just continues, the need to support these users will become a greater requirement in shops of all sizes. Given the added possibilities that Mac OS X Server offers beyond simple client management, it is worth consideration in many organizations, ranging from small businesses to enterprise networks.
Ryan Faas is a freelance writer and technology consultant specializing in Mac and multiplatform network issues. You can find more information at www.ryanfaas.com and can e-mail him at email@example.com.